/*
  To test, add the file:
  /etc/pam.d/srp_test
  
  # Test SRP module
  auth       required  <path_to_binary>/pam_srp.so <server> <port>
  account    required  <path_to_binary>/pam_srp.so <server> <port>
  passwd     required  <path_to_binary>/pam_srp.so <server> <port>
 */

#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdlib.h>
#include <iostream>

static struct pam_conv conv = {
    misc_conv,
    NULL
};

void err_exit( const char * msg )
{
    std::cerr << msg << std::endl;
    exit(1);
}

int main(int argc, char *argv[])
{
    pam_handle_t *pamh = NULL;
    int           ret;
    const char   *user = NULL;

    if(argc != 2) 
        err_exit("Usage: pam_test [username]\n");
    
    user = argv[1];

    ret = pam_start("srp_test", user, &conv, &pamh);

    if (ret != PAM_SUCCESS)
        err_exit("pam_start failed");

    ret = pam_authenticate(pamh, 0);    /* is user really user? */

    if (ret == PAM_SUCCESS)
        std::cout << "Authenticated!" << std::endl;
    else
        err_exit("pam_authenticate failed");

    ret = pam_acct_mgmt(pamh, 0);       /* permitted access? */

    if (ret == PAM_SUCCESS)
        std::cout << "Account Permitted!" << std::endl;
    else
    {
       if ( ret == PAM_NEW_AUTHTOK_REQD )
          std::cout << "Account Expired! New Password Needed!" << std::endl;
       else
          err_exit("pam_account failed");
    }

    if (pam_end(pamh,ret) != PAM_SUCCESS) 
        err_exit("check_user: failed to release authenticator\n");

    return 0;
}
